Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bitdefender turns off on startup. [Solved]

Started by reach1 , Nov 22 2014 02:36 PM

  • This topic is locked This topic is locked

#1
reach1
Posted 22 November 2014 - 02:36 PM

reach1

    Member

  • Member
  • PipPipPip
  • 130 posts

Basically Everything was working great, then I downloaded one old game. Now right after my os loads up bitdefender turns on then off for 28 seconds then turns back on. I deleted the game and bitd still does this. I don't know what is causing it.

 

I have bitdefender free, ccleaner, cryptoprevent, malwarebytes, mydefrag v4.3.1 and eset online scanner. all of those come up clean.

 

I am running a system low on resouces so I was thinking of getting a new free anti virus that uses less process power.

 

Anyway I don't know what my problem is, if I have maleware or not. yet I would like to fix it first and maybe someone could point me into a direction of a lower process draining free anti virus or any other software I could use or improve/upgrade.

 

I'm running windows xp.


  • 0

Advertisements

#2
reach1
Posted 22 November 2014 - 07:37 PM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

OTL logfile created on: 11/22/2014 7:27:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.42 Mb Total Physical Memory | 366.69 Mb Available Physical Memory | 36.15% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.15 Gb Free Space | 83.62% Space Free | Partition Type: NTFS
 
Computer Name: GATEWAY400VTX | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/22 19:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2014/11/21 23:37:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/23 18:24:33 | 001,133,864 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
PRC - [2013/10/23 18:24:25 | 000,235,728 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
PRC - [2013/10/23 18:24:25 | 000,057,520 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/21 23:36:57 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/06/15 01:01:22 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2014/06/15 01:01:22 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2014/06/15 01:01:18 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2014/06/15 01:01:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2014/06/15 01:01:10 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2014/06/15 01:01:07 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/09/03 14:29:38 | 000,095,088 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdmetrics.dll
MOD - [2013/06/18 18:46:41 | 000,129,608 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Antivirus Free Edition\bdnc.dll
MOD - [2013/03/19 12:07:15 | 000,508,136 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/11/21 23:36:58 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/16 14:21:22 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 18:24:25 | 000,057,520 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014/05/13 17:02:25 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/07/16 15:06:06 | 000,135,472 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys -- (bdselfpr)
DRV - [2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2013/04/22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2013/04/17 17:19:36 | 000,148,600 | ---- | M] (Bitdefender SRL) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys -- (bdftdif)
DRV - [2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/11/08 13:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prio.sys -- (prio)
DRV - [2012/11/02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2009/11/11 06:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2003/10/02 06:43:20 | 000,244,560 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:12.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/09/20 14:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2014/11/22 00:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions
[2014/11/22 00:00:17 | 000,947,620 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\[email protected]
[2014/11/22 00:04:47 | 000,314,781 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\[email protected]
[2014/11/22 00:02:01 | 000,088,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\[email protected]
[2014/11/22 00:01:02 | 000,979,699 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/11/21 23:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/21 23:37:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/09/22 15:54:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [PC Cleaners] C:\Documents and Settings\All Users\Application Data\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 359
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 FC FF 03  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00  [binary data]
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC7B1CA5-90E8-4381-A54C-9C148FE0EAC6}: DhcpNameServer = 192.168.0.43
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%windir%\XP SP3 N1280.exe) - C:\WINDOWS\XP SP3 N1280.EXE (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/05 14:22:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/22 19:18:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/11/22 12:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Rainmaker_Software_Group_
[2014/11/22 12:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ProPCCleaner
[2014/11/21 23:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/10/31 12:05:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2014/10/09 00:18:58 | 005,338,896 | ---- | C] (PC Cleaners) -- C:\Documents and Settings\All Users\Application Data\pclunst.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/22 19:27:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/11/22 19:22:13 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/11/22 19:22:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/22 19:22:00 | 000,080,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/11/22 12:47:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\ProPCCleaner_Popup.job
[2014/11/21 23:17:54 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/11/21 22:22:58 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2014/11/21 22:21:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/11/21 22:21:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2014/11/16 14:21:23 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/16 14:21:22 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/11/16 14:21:22 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/10/29 09:48:25 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/22 19:22:00 | 000,080,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/11/22 12:47:42 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\ProPCCleaner_Popup.job
[2014/09/25 16:15:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2014/09/22 20:12:57 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\prio.ini
[2014/09/22 17:50:03 | 000,033,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/06/14 22:11:40 | 000,325,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/06/14 19:24:49 | 000,266,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1606980848-1957994488-289805187-1003-0.dat
[2014/06/14 19:24:40 | 000,065,610 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/06/09 04:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2014/05/29 20:56:02 | 001,067,008 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\file__0.localstorage
[2014/05/24 23:31:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2014/05/24 22:46:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2014/05/20 01:24:30 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2014/05/14 18:54:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2014/05/09 08:26:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2014/05/09 07:45:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/05 17:04:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/04/05 14:24:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/04/05 14:19:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2014/04/05 08:07:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 
========== ZeroAccess Check ==========
 
[2014/05/08 16:07:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 21:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/18 21:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2014/10/09 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Cleaners
[2014/10/09 00:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2014/09/22 17:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2014/05/13 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverFinder
[2014/05/19 22:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Easeware
[2014/06/21 22:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InfraRecorder
[2014/05/09 03:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2014/05/14 16:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2014/05/13 23:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2014/05/14 19:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TreeCardGames
[2014/05/08 18:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/11/22 12:46:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\Rainmaker Software Group LLC.?) -- C:\Documents and Settings\Owner\Application Data\Rainmaker Software Group LLC.​
[2014/11/22 12:46:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\Rainmaker Software Group LLC.?) -- C:\Documents and Settings\Owner\Application Data\Rainmaker Software Group LLC.​
[2014/11/22 12:46:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\Application Data\Rainmaker Software Group LLC.?) -- C:\Documents and Settings\Owner\Application Data\Rainmaker Software Group LLC.​

< End of report >

 

 

 

 

OTL Extras logfile created on: 11/22/2014 7:27:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.42 Mb Total Physical Memory | 366.69 Mb Available Physical Memory | 36.15% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.15 Gb Free Space | 83.62% Space Free | Partition Type: NTFS
 
Computer Name: GATEWAY400VTX | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.scr [@ = CryptoPreventSCR] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1" = Solitaire XP version 1.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"BitDefender Gonzales" = Bitdefender Antivirus Free Edition
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"GTW Modem" = GTW Modem
"InfraRecorder" = InfraRecorder
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 33.1.1 (x86 en-US)" = Mozilla Firefox 33.1.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Prio" = Prio
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 2.1.3
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR 5.11 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/22/2014 9:22:18 PM | Computer Name = GATEWAY400VTX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 11/22/2014 9:22:18 PM | Computer Name = GATEWAY400VTX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
[ System Events ]
Error - 11/22/2014 9:19:32 PM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
 arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 11/22/2014 9:21:24 PM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 11/22/2014 9:22:18 PM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 11/22/2014 9:22:25 PM | Computer Name = GATEWAY400VTX | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
 service which failed to start because of the following error:   %%1058
 
Error - 11/22/2014 9:22:36 PM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >
 


  • 0

#3
reach1
Posted 05 December 2014 - 10:10 PM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

well since its been two weeks I just thought I would bump this thread. I would also like to note that my anti virus turns off ten seconds before shut down as well. My pc should be for the most part clean since I had every thing checked out 6 months ago.

 

One thing that would help me is to figure out how I can download files like games and not get a infection. When I downloaded the last game/file that was infected I tryed to scan it with my anti virus but it never scanned. My anti virus just said the file was in que for a scan but nothing scanned for two days so I just installed it.


  • 0

#4
godawgs
Posted 09 December 2014 - 10:19 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Sorry your topic was overlooked. We look for topics that haven't had any replies. Do you still need assistance?


  • 0

#5
reach1
Posted 10 December 2014 - 05:03 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

yeah, if you can. I have no clue what to do. Thank you.


  • 0

#6
reach1
Posted 10 December 2014 - 06:21 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

ok yeah, I tried to install Panda antivirus free 2015 but it didn't let me. I turned off cryptoprevent and restarted my pc then pro pc cleaner popped up out of no were. This is a program I downloaded after I was having problams with bitdefender turning off. aparently pro pc cleaner is malware because I can't get rid of it.

 

I just turned all my protection back on, i'll wait for help on this.


  • 0

#7
godawgs
Posted 10 December 2014 - 01:23 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hello reach1, :wave: Welcome back to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

Please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Go to the topic and in the upper right corner, click the Vb7F2p.png Follow button. You will them be prompted with how often you wish to be notified. To the right of this button, it shows how many other people are watching the topic.

Please do not run any tools unless instructed to do so.

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

PCCleaner is a rogue antivirus program. Please don't download anything else except things I ask you to and don't try any more fixes on your own. It just makes the job harder.

The OTL log files are a couple of weeks old so I would like to see some new ones. OTL is best run from the desktop. So please go to the Downloads folder where OTl is now, double click the OTL icon to start the program and click the  btnCleanUp.png button. This will remove the old copy of OTL and the logs.
 
Next, download a new copy of OTL from here and save it to the desktop
 

  • Double click on the otlicon.pngOTL icon to run it.
  • You will see a console like the one below:

    OTL_Main_Tutorial.gif
  • Check the box beside Scan All Users at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Click the runscanbutton.png button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt will open on the desktop and Extras.Txt will be minimized on the taskbar. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL.txt log
2. The Extras.txt log.
 


  • 0

#8
reach1
Posted 11 December 2014 - 04:59 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

OTL logfile created on: 12/11/2014 4:53:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.42 Mb Total Physical Memory | 391.19 Mb Available Physical Memory | 38.56% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.19 Gb Free Space | 83.71% Space Free | Partition Type: NTFS
 
Computer Name: GATEWAY400VTX | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/11 04:50:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/12/09 02:39:21 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/23 18:24:25 | 000,235,728 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
PRC - [2013/10/23 18:24:25 | 000,057,520 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/09 02:39:04 | 003,758,192 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/06/15 01:01:22 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2014/06/15 01:01:22 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2014/06/15 01:01:18 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2014/06/15 01:01:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2014/06/15 01:01:10 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2014/06/15 01:01:07 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/09/03 14:29:38 | 000,095,088 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdmetrics.dll
MOD - [2013/06/18 18:46:41 | 000,129,608 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Antivirus Free Edition\bdnc.dll
MOD - [2013/03/19 12:07:15 | 000,508,136 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/12/09 02:39:07 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/30 13:20:57 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 18:24:25 | 000,057,520 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\CFcatchme.sys -- (CFcatchme)
DRV - [2014/05/13 17:02:25 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/07/16 15:06:06 | 000,135,472 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys -- (bdselfpr)
DRV - [2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2013/04/22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2013/04/17 17:19:36 | 000,148,600 | ---- | M] (Bitdefender SRL) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys -- (bdftdif)
DRV - [2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/11/08 13:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prio.sys -- (prio)
DRV - [2012/11/02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2009/11/11 06:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2003/10/02 06:43:20 | 000,244,560 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
IE - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:12.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/09/20 14:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2014/12/04 03:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions
[2014/11/22 00:00:17 | 000,947,620 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\[email protected]
[2014/11/22 00:04:47 | 000,314,781 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\[email protected]
[2014/11/22 00:02:01 | 000,088,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\[email protected]
[2014/11/22 00:01:02 | 000,979,699 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33nhslg5.default-1416635410909\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/12/09 02:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/12/09 02:40:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/09/22 15:54:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [PC Cleaners] C:\Documents and Settings\All Users\Application Data\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 359
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 FC FF 03  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00  [binary data]
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC7B1CA5-90E8-4381-A54C-9C148FE0EAC6}: DhcpNameServer = 192.168.0.43
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%windir%\XP SP3 N1280.exe) - C:\WINDOWS\XP SP3 N1280.EXE (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/05 14:22:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/11 04:50:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/12/11 04:10:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/12/10 05:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2014/12/09 02:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/11/22 12:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Rainmaker_Software_Group_
[2014/10/09 00:18:58 | 005,338,896 | ---- | C] (PC Cleaners) -- C:\Documents and Settings\All Users\Application Data\pclunst.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/11 04:54:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/12/11 04:50:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/12/11 04:48:36 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/12/11 04:48:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/11 04:48:23 | 000,080,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/11/30 13:20:57 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/11/30 13:20:57 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/30 13:20:56 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/11/26 00:57:20 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/11/21 22:22:58 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2014/11/21 22:21:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2014/11/21 22:21:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/11 04:29:51 | 000,080,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/09/25 16:15:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2014/09/22 20:12:57 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\prio.ini
[2014/09/22 17:50:03 | 000,033,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/06/14 22:11:40 | 000,325,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/06/14 19:24:49 | 000,266,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1606980848-1957994488-289805187-1003-0.dat
[2014/06/14 19:24:40 | 000,065,610 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/06/09 04:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2014/05/29 20:56:02 | 001,067,008 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\file__0.localstorage
[2014/05/24 23:31:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2014/05/24 22:46:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2014/05/20 01:24:30 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2014/05/14 18:54:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2014/05/09 08:26:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2014/05/09 07:45:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/05 17:04:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/04/05 14:24:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/04/05 14:19:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2014/04/05 08:07:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 
========== ZeroAccess Check ==========
 
[2014/05/08 16:07:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/24 21:30:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/18 21:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2014/12/10 05:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2014/10/09 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Cleaners
[2014/10/09 00:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2014/09/22 17:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2014/05/13 23:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2014/06/15 00:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\QuickScan
[2014/05/13 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverFinder
[2014/05/19 22:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Easeware
[2014/06/21 22:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InfraRecorder
[2014/05/09 03:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2014/05/14 16:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2014/05/13 23:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2014/05/14 19:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TreeCardGames
[2014/05/08 18:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#9
reach1
Posted 11 December 2014 - 05:00 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

OTL Extras logfile created on: 12/11/2014 4:53:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.42 Mb Total Physical Memory | 391.19 Mb Available Physical Memory | 38.56% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 31.19 Gb Free Space | 83.71% Space Free | Partition Type: NTFS
 
Computer Name: GATEWAY400VTX | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = CryptoPreventCPL] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.pif [@ = CryptoPreventPIF] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
.scr [@ = CryptoPreventSCR] -- "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
[HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1" = Solitaire XP version 1.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"BitDefender Gonzales" = Bitdefender Antivirus Free Edition
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"GTW Modem" = GTW Modem
"InfraRecorder" = InfraRecorder
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Prio" = Prio
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 2.1.3
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR 5.11 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/11/2014 6:30:09 AM | Computer Name = GATEWAY400VTX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 12/11/2014 6:30:09 AM | Computer Name = GATEWAY400VTX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
Error - 12/11/2014 6:30:50 AM | Computer Name = GATEWAY400VTX | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Service reached limit of transient errors. Will shut down. Last error returned
 from Service Manager: 0x80029c4a.
 
Error - 12/11/2014 6:48:42 AM | Computer Name = GATEWAY400VTX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 12/11/2014 6:48:42 AM | Computer Name = GATEWAY400VTX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
[ System Events ]
Error - 12/11/2014 6:29:21 AM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12/11/2014 6:30:09 AM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12/11/2014 6:30:16 AM | Computer Name = GATEWAY400VTX | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
 service which failed to start because of the following error:   %%1058
 
Error - 12/11/2014 6:30:27 AM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12/11/2014 6:47:51 AM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12/11/2014 6:48:42 AM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12/11/2014 6:48:49 AM | Computer Name = GATEWAY400VTX | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
 service which failed to start because of the following error:   %%1058
 
Error - 12/11/2014 6:48:59 AM | Computer Name = GATEWAY400VTX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >
 


  • 0

#10
reach1
Posted 11 December 2014 - 05:15 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

I will note I do have a lot of my processes turned off. My computer does run better with them off. I think some of the errors are from that.


  • 0

Advertisements

#11
godawgs
Posted 11 December 2014 - 11:32 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Even though you have BitDefender on your system it is not providing real-time protection. It isn't turned on. This could be because of malware or it could be because you have installed and uninstalled several anti-virus programs and that could have corrupted the BitDefender installation. We will address that in due course but please don't surf the net except to come here for instructions and please don't download/install any additional programs until we get it sorted.
A lot of policies have been set, removing things like Help, Logoff, Username, My Pictures, Network Connections, etc; from the Start Menu. did you set these policies on purpose?

Step-1.
Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the Downoad button.
    On the next page:
  • For the 32-bit version, click the Download button beside RogueKiller.exe and save the RogueKiller.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Double click the RogueKiller icon to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement and the browser will open with some information related to the program.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
  • Please post:
    All RKreport.txt text files located on your desktop.
    NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Step-2.
Virustotal File Upload:

To use Virustotal go  Here
Vp8Js.png

  • Click  the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\WINDOWS\XP SP3 N1280.EXE.
  • This will put the file in the  box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get  a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply

 

Step-3.
Fabar Recovery Scan

A.
Download the Tool

  • Please click here to go to the Farbar Recovery Scan Tool download page.
  • Click the Download Now(32bit Version) button and save it to your desktop.

B.
Run the Tool
Close all open Windows and browsers

  • Double-click the FRST.exe file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
    xFRSTconsolelatest-petit.jpg
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question.
2. The VirusTotal URL link
3. The RKreport.txt log
4. The FRST.txt log
5. The Addition.txt log


  • 0

#12
reach1
Posted 12 December 2014 - 01:09 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

yup I turmed all those off.


  • 0

#13
reach1
Posted 12 December 2014 - 01:44 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

One little thing before I can start. I have ie disabled, I can't open ie. I use firefox. Not sure what I should do? just run RK, skip it or what?


  • 0

#14
godawgs
Posted 12 December 2014 - 09:08 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

You can use FF to download RogueKiller.


  • 0

#15
reach1
Posted 13 December 2014 - 05:07 AM

reach1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

No files popped up on my desktop were it was downloaded to, I clicked report and got this for Rougekiller.

 

 

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Scan -- Date : 12/13/2014  04:50:49

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 24 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PC Cleaners : "C:\Documents and Settings\All Users\Application Data\PC Cleaners\PCCleaners.exe" /minimize  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80  -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.../redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1606980848-1957994488-289805187-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 33nhslg5.default-1416635410909 : user_pref("browser.startup.homepage", "http://www.bing.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHV2040AH +++++
--- User ---
[MBR] 831dec1f62c3a1bec76a445dd5f1c07d
[BSP] 8d2a0d12d9750d3f6308814ee997e3bc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 38146 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09222014_175630.log - RKreport_SCN_09222014_182324.log


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP